Design/Logic Flaw

2016-11-2311:59:00

PRIOn knowledge base

www.prio-n.com

7.1 High

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

18.8%

JSON

The mDNIe system service on Samsung Mobile S7 devices with M(6.0) software does not properly restrict setmDNIeScreenCurtain API calls, enabling attackers to control a device’s screen. This can be exploited via a crafted application to eavesdrop after phone shutdown or record a conversation. The Samsung ID is SVE-2016-6343.

CPENameOperatorVersion
samsung_mobileeq6.0

CPE	Name	Operator	Version
	samsung_mobile	eq	6.0

References

security.samsungmobile.com/smrupdate.html

www.securityfocus.com/bid/94494